# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrant box for testing
Vagrant.configure("2") do |config|
  config.vm.box = "fedora/39-cloud-base"
  config.vm.box_url = "override-by-provider"
  memory = 8192
  cpus = 4

  config.vm.provider :virtualbox do |v, override|
    override.vm.box_url = "https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/39/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-39-1.5.x86_64.vagrant-virtualbox.box"
    v.memory = memory
    v.cpus = cpus
  end

  config.vm.provider :libvirt do |v, override|
    override.vm.box_url = "https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/39/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-39-1.5.x86_64.vagrant-libvirt.box"
    v.memory = memory
    v.cpus = cpus
  end

  if File.exist?("./ssh-config")
    config.ssh.config = "./ssh-config"
  end

  config.vm.provision "install-dependencies", type: "shell", run: "once" do |sh|
    sh.inline = <<~SHELL
      set -euxo pipefail

      # Use a non-localhost DNS to avoid cluster DNS lookup loops
      echo "nameserver 8.8.8.8" > /etc/resolv.conf

      # Install Go
      GO_VERSION=$(curl -sSfL "https://go.dev/VERSION?m=text" | head -n1)
      curl -sSfL -o- https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz |
        tar xfz - -C /usr/local

      echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
      echo 'export GOPATH="$HOME/go"' >> /etc/profile
      echo 'export GOBIN="$GOPATH/bin"' >> /etc/profile

      KUBERNETES_VERSION=v1.34
      cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/rpm/repodata/repomd.xml.key
EOF

cat <<EOF | tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://download.opensuse.org/repositories/isv:/cri-o:/prerelease:/main/rpm/
enabled=1
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/isv:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
EOF

      dnf install -y \
        conntrack \
        container-selinux \
        gcc \
        git \
        iptables \
        jq \
        kubeadm \
        kubectl \
        kubelet \
        kubernetes-cni \
        make \
        openssl \
        podman

      # conmon installs to /usr/libexec/crio/conmon
      # https://github.com/containers/conmon/issues/517
      dnf download --repo cri-o --arch x86_64 cri-o
      rpm -i --nodeps --force cri-o-*.rpm

      # Load the prebuilt container image
      podman load -i /vagrant/image.tar

      # Setup CRI-O
      printf '[crio.runtime]\nselinux = true' >/etc/crio/crio.conf.d/30-selinux.conf
      # Setup CNI to disable IPv6
      CNI_CONFIG=/etc/cni/net.d/10-crio-bridge.conflist
      jq 'del(.plugins[0].ipam.routes[1], .plugins[0].ipam.ranges[1])' $CNI_CONFIG.disabled >$CNI_CONFIG
      systemctl enable --now crio

      dnf remove -y \
        zram-generator-defaults

      hostnamectl set-hostname fedora

      # Configure system to work seamlessly on single node clusters
      modprobe br_netfilter
      ip6tables --list >/dev/null
      iptables -F
      sysctl -w net.ipv4.conf.all.route_localnet=1
      sysctl -w net.bridge.bridge-nf-call-iptables=1
      sysctl -w fs.inotify.max_user_watches=1048576
      iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE
      systemctl stop dev-zram0.swap

      /vagrant/hack/ci/install-kubernetes.sh
    SHELL
  end
end
